cvs commit: ports/security/vuxml vuln.xml
Xin LI
delphij at delphij.net
Tue Jul 24 22:30:36 UTC 2007
Simon L. Nielsen wrote:
> On 2007.07.24 14:17:07 +0000, Xin LI wrote:
>> delphij 2007-07-24 14:17:07 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> security/vuxml vuln.xml
>> Log:
>> The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark
>> it as affected as well. Since there is no newer release I have used 4.1.0
>> as the "fixed" version.
>
> Has it actually been fixed in 4.1.0? If not you should just not set a
> top version to avoid a new release which actually doesn't fix the
> issue being marked secure.
No. The version is chosen because that 4.1.0 is greater than the
possible version (the port itself is 4.0.x). Should there be a better
way to represent it, please feel free to commit a fix, thanks!
Cheers,
More information about the cvs-all
mailing list